The Hacker News — Cyber Security, Hacking, Technology News

Today, the popular Music streaming service Spotify said the company has suffered a Data breach and warned users of its Android app to upgrade it in the wake of a potential data breach in their servers.

Spotify is a commercial music streaming service launched in October 2008 by Swedish start-up Spotify AB and is freely available for Android and iOS devices as well as for desktop computers with more than 40 million active users, out of which about 10 million users are its paid subscribers. It offers offline listening and ad-free playback are also available for Premium subscribers of the service.

The company announced that a hacker had allegedly broken into its systems and gained unauthorized access to the internal company data. So far only one of its users’ accounts has been accessed in the data breach, but the company believes that there is no harm to the financial information, payment details or password of the affected user.

"Our evidence shows that only one Spotify user's data has been accessed and this did not include any password, financial, or payment information,” Spotify chief technology officer Oskar Stal said in a blog post on Tuesday. “We have contacted this one individual. Based on our findings, we are not aware of any increased risk to users as a result of this incident."

The company takes the matters seriously and immediately launched an investigation. But they do not believe users are at any extended risk following the breach.

However, Stal said the company takes such matters very seriously, and as “general precautions,” Spotify will signed out some of their desktop, iOS, Android and Windows Phone apps users in the coming days and will ask them to log-in again by re-entering their username and password, just some extra steps to ensure its customers’ private data stays safe.

Spotify will release the updates this week and will also guide its Android users to upgrade the Android app. "Please note that offline playlists will have to be re-downloaded in the new version," Stål said. "We apologize for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users."

In their statements, Spotify has not given any details that how attackers were able to compromise the database, but the above Android app recommendation hints that users of Android app are likely at great risk, as there are possibilities that the data breach was caused because of a vulnerability in the Android app. Whereas, Spotify said, ‘no action recommended for iOS and Windows Phone users’ at this time.

The news comes after the latest eBay massive data breach that affected 145 million registered users across the world after the company’s database was compromised by the hackers.

World's largest Digital documents library 'Scribd' announced that, they were hacked in a recent attack and hacker potentially able to compromise general user information, which includes usernames, emails, and encrypted passwords of partial database. "Even though this information was accessed, the passwords stored by Scribd are encrypted"

They emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password. "Earlier this week, Scribd's Operations team discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users." Scribd team said on blog post.

If your account was among those affected, visit http://www.scribd.com/password/check and Check that you are one of the lucky victim or not, I got "Good news - your password was not among those compromised. You do not need to take any action at this time."

No content, payment and sales-related data, or other information were accessed or compromised. Scribd also mention that if you did not receive an email from them, you are most likely unaffected.

A number of high-profile websites have been hit in the past year with similar attacks, opening up important questions about password security and the re-use of passwords across services. It is important to remember to never re-use passwords across services and to never use passwords that are dictionary words, names, or other easily-guessable choices.

The digital currency Bitcoin has suffered yet another hack. Bitcoin wallet site Instawallet has been taken offline after a security compromise, has suspended its service indefinitely.

Instawallet didn't say in a notice on its website how many bitcoins were stolen after hackers fraudulently accessed company database. "The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture. Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is."

Bitcoin is a virtual currency that uses a peer-to-peer system to confirm transactions through public key cryptography. The company also announced it will accept claims for individual Instawallets for the first 90 days, using the wallets’ URL and key to file the claim. Clients will then be refunded the currency value if the balance is less than 50 BTC.

The breach follows a series of attacks targeting bitcoin services. In September 2012, Bitfloor has suspended all operations after a hacker stole $250,000 worth of bitcoins. In May of last year, exchange site Bitcoinica was also breached, and attackers managed to grab bitcoins valued at $90,000.

It may be a day or two before the effect of this theft on the currency can be determined. Bitcoin-Central is expecting to have their services back up and running within 48 hours and have promised to give 24 hours notice before going live. Instawallet however has been permanently compromised and is closing.

Cloud note-taking service Evernote has been hacked and now you have to reset your password imminently. According to a post on the official Evernote blog, an unidentified attacker compromise the servers and extracted usernames, email addresses, and passwords.

"Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service."

But those passwords were encrypted, so all users must change their password before they can log back into their account. "In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost."

Evernote also said that they have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

There are also several important steps that you can take to ensure that your data on any site, including Evernote, is secure:

Avoid using simple passwords based on dictionary words

Never use the same password on multiple sites or services

Never click on ‘reset password’ requests in emails instead go directly to the service

Good news, we bring an amazing deal of this month for our readers, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!